If you're really unlucky, a lost laptop could cost your company almost $50K, …

A new report by the Ponemon Institute in conjunction with Intel claims that the average cost to the enterprise of a stolen or lost laptop is $49,246, once you factor in not just replacement but intellectual property loss, lost productivity, forensics, and other downsides.

The survey, which studied 128 laptop loss incidents from 29 different companies, breaks down that $50,000 average cost as follows:

Laptop replacement cost: $1,582

Detection & escalation cost: $262

Forensics & investigation cost: $814

Data breach cost: $39,297

Intellectual property loss: $5,871

Lost productivity cost: $283

Other legal and regulatory costs: $1,117

Obviously, the biggest costs by far are data breach and IP losses, and these are also the hardest to realistically account for. The study defines IP losses this way: "Lost intellectual property is a calculated variable based on the estimated economic value of the lost business confidential information X the probability that this information would end up in the hands of an adverse party." As for "data breach losses," those are the number of records multiplied by the per-record cost. Clearly, there's a ton of fudging room there, but that's not even the biggest reason to discount the headline $50K/laptop number.

The main problem with basing anything on the survey's average cost of a stolen laptop is the distribution of the results, which clearly shows that the average numbers are the result of a few very large outliers at the top end.

So the $50K number reminds me of the old joke about Bill Gates walking into a bar and thereby raising the average net worth of those in the room to hundreds of millions. I imagine that the best way to determine if there are truly reliable models for determining the total cost of a laptop theft is to see if anyone will sell you an insurance policy that covers everything listed by Ponemon (if anyone knows of such, drop me a line via the discussion thread).

In conclusion, the study shows that for the great majority of laptop losses, the cost is a few thousand dollars, which is just the replacement cost plus the worker-hours lost to decreased productivity, detection and escalation, and forensics. It's the outlier incidents that you have to worry about, which, again, suggests that insurance is probably the best way to address the issue.

Other findings

The report also found that the use of encryption cuts the average cost of a loss roughly in half, and, as the Intel rep pointed out on the conference call, hardware is the best place to put such encryption. (Obviously, Intel believes vPro is the answer here.) Also of interest to Intel (from the vPro-boosting angle) was the study's conclusion that the quicker an incident is reported, the lower its cost; the connection here with Intel's "poison pill," which IT can use to remotely disable a lost or stolen laptop, is obvious.

Another interesting finding, and this seems plausible regardless of who sponsored the study, is that the laptops of contractors and mid-level managers are significantly more costly to replace than C-level laptops, mainly because C-level folks aren't likely to have things like customer or patient databases on their laptops. Managers and directors had the highest average costs (both about $61,000), while executives had the lowest cost to replace at $28,000.

Perhaps the most counterintuitive result from the study is that having a full backup of the lost or stolen laptop actually increases the average incident cost by almost 50 percent. The theory put forth for this by Ponemon is that "the backup makes it easier to confirm the loss of sensitive or confidential data (i.e., ignorance is bliss hypothesis)."